Identity & Access Management for a cloud-first, mobile-first world #WPC16 Identity & Access Management for a cloud-first, mobile-first world Adam Baron Sr Product Manager

EMS Momentum 33,000+ 40% > 2x Customers of O365 IB Growth vs competitors 1000+ 3000+ 7500+

Mobile-first, cloud-first reality 63% 80% 0.6% IT Budget growth Gartner predicts global IT spend will grow only 0.6% in 2016. Data breaches 63% of confirmed data breaches involve weak, default, or stolen passwords. Shadow IT More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.

Identity as the core of enterprise mobility Build 2012 5/27/2018 Identity as the core of enterprise mobility Simple connection SaaS Azure Public cloud Cloud On-premises Other directories Windows Server Active Directory Self-service Single sign-on Microsoft Azure Active Directory

Azure Active Directory Microsoft Confidential NDA Only 5/27/2018 Azure Active Directory 86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI) Azure AD Directories >9 M More than 600 M user accounts on Azure AD Microsoft’s “Identity Management as a Service (IDaaS)” for organizations. Millions of independent identity systems controlled by enterprise and government “tenants.” Information is owned and used by the controlling organization—not by Microsoft. Born-as-a-cloud directory for Office 365. Extended to manage across many clouds. Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B). 1 trillion Azure AD authentications since the release of the service >42k third-party applications used with Azure AD each month >1.3 billion authentications every day on Azure AD Every Office 365 and Microsoft Azure customer uses Azure Active Directory © 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Identity and access management in the cloud Azure Active Directory. Identity at the core of your business Enable business without borders Manage access at scale Cloud-powered protection 1000s of apps, 1 identity Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Stay productive with universal access to every app and collaboration capability Manage identities and access at scale in the cloud and on-premises Ensure user and admin accountability with better security and governance

1000s of apps, 1 identity Connect your on-premises identities to the cloud for a seamless authentication experience Single sign-on to thousands of pre-integrated and custom SaaS apps. Bring your own apps: templates for SSO to any SaaS app Provide one persona to the modern workforce for SSO to 1000s of cloud and on-premises applications Secure remote access to on-premises apps SSO from mobile apps Support for lift-and-shift of traditional apps to the cloud

Enable business without borders Ease of use for end users Enable cross-organization collaboration Stay productive everywhere with easy access to every application and powerful collaboration capabilities across location, application, and device borders Any time, any place productivity with Windows 10 Better connect with your consumers

Manage access at scale Advanced user lifecycle management Low IT overhead Manage identities at scale in the cloud and on-premises Monitor your identity bridge

Cloud-powered protection Conditional access to resources Safeguard user authentication Ensure accountability with better security and governance Respond to advanced threats before they start with risk-based policies and monitoring Mitigate administrative risks Governance of on-premises and cloud identities

Identity-driven security 5/27/2018 1:55 PM CLOUD-POWERED PROTECTION Identity-driven security Actions User Conditions User, Group, App sensitivity Allow access or Device state Enforce MFA per user/per app Location MFA Risk Block access NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES CLOUD APP DISCOVERY PRIVILEGED IDENTITY MANAGEMENT IDENTITY PROTECTION © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Identity Protection Windows Server Management Marketing 5/27/2018 CLOUD-POWERED PROTECTION Azure Active Directory Identity Protection Identity Protection at its best Infected devices Leaked credentials Gain insights from a consolidated view of machine learning based threat detection Configuration vulnerabilities Brute force attacks Suspicious sign-in activities Remediation recommendations Risk-based policies MFA Challenge Risky Logins Block attacks Change bad credentials Machine-Learning Engine Risk severity calculation Risk-based conditional access automatically protects against suspicious logins and compromised credentials © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Privileged Identity Management Windows Server Management Marketing 5/27/2018 CLOUD-POWERED PROTECTION Privileged Identity Management How time-limited activation of privileged roles works SECURITY ADMIN Users need to activate their privileges to perform a task ALERT MFA is enforced during the activation process Configure Privileged Identity Management Alerts inform administrators about out-of-band changes Identity verification Read only ADMIN PROFILES Monitor Users will retain their privileges for a pre- configured amount of time Billing Admin Global Admin Audit USER MFA Service Admin Access reports Security admins can discover all privileged identities, view audit reports and review everyone who has is eligible to activate via access reviews PRIVILEGED IDENTITY MANAGEMENT © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Enterprise Mobility +Security IDENTITY - DRIVEN SECURITY Enterprise Mobility +Security Extend enterprise-grade security to your cloud and SaaS apps Microsoft Cloud App Security Microsoft Intune Azure Active Directory Premium Manage identity with hybrid integration to protect application access from identity attacks Azure Information Protection Protect your data, everywhere Protect your users, devices, and apps Detect threats early with visibility and threat analytics Microsoft Advanced Threat Analytics

Enterprise Mobility + Security EMS Overview 5/27/2018 Enterprise Mobility + Security Identity and access management Managed mobile productivity Information protection Identity-driven security Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1) Azure Information Protection Premium P2 Intelligent classification and encryption for files shared inside and outside your organization (includes all capabilities in P1) Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications EMS E5 Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises apps MFA, conditional access, and advanced security reporting Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Information Protection Premium P1 Encryption for all files and storage locations Cloud-based file tracking Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics EMS E3 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Surface and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Empower your employees by creating a secure productive enterprise Microsoft Envision 2016 5/27/2018 1:55 PM Empower your employees by creating a secure productive enterprise Trust Collaboration Intelligence Mobility Protect your organization, data and people Create a productive workplace to embrace diverse workstyles Provide insights to drive better business decisions faster Enable your people to get things done anywhere © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Secure Productive Enterprise Microsoft Envision 2016 5/27/2018 1:55 PM Secure Productive Enterprise Delivered through enterprise cloud services Office 365 Enterprise Mobility + Security Windows 10 Enterprise © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Complete your evaluations… for a chance to win a prize! Complete your session and conference evaluations here: aka.ms/wpcevals or though the mobile app Thank you partner. We value your feedback. Microsoft will donate $1 $5 for completing a session evaluation for completing the overall conference evaluation to the non-profit organization Right to Play, a Microsoft YouthSpark Partner

Next Steps Try Microsoft Identity Manager www.microsoft.com/mim Read the Active Directory Team Blog blogs.technet.com/b/ad Review TechNet – Microsoft Identity Manager 2016 technet.microsoft.com Watch Channel 9 videos – Microsoft Identity Manager 2016 channel9.msdn.com Learn more about Enterprise Mobility Suite and Azure Active Directory Premium www.microsoft.com/ems